Changelog
v1.17.0 — June 1, 2026
This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.
🔒 Security Fixes
- Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
- Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)
🚀 New Features
- HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)
🐛 Bug Fixes
- Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
- Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
- React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
- Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
- Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
- Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
- Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
- Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)
🔧 Maintenance & Chores
- HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
- Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
- CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
- Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
- Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
- Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)
🌟 New Contributors
We are thrilled to welcome our new contributors. Thank you for helping improve axios:
v1.16.1 — May 13, 2026
This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.
🔒 Security Fixes
- Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
- Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)
- CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)
🐛 Bug Fixes
- Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)
- Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)
- XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)
- Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)
- Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)
- URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)
🔧 Maintenance & Chores
- Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)
- composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)
- AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)
- Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)
- Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (#10843, #10859, #10869)
- Dependencies: Bumped @commitlint/cli from 20.5.0 to 20.5.2. (#10846)
🌟 New Contributors
We are thrilled to welcome our new contributors. Thank you for helping improve axios:
v1.16.0 — May 2, 2026
This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.
⚠️ Notable Changes
A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:
- Fetch adapter now enforces maxBodyLength and maxContentLength. These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (#10795)
- Proxy requests now preserve user-supplied Host headers. Previously, the proxy path could overwrite a custom Host. Virtual-host-style routing through a proxy will now behave correctly. (#10822)
- Basic auth credentials embedded in URLs are now URL-decoded. If you have percent-encoded credentials in a URL (e.g. https://user:p%40ss@host), the decoded value is what now goes on the wire. (#10825)
- parseProtocol now strictly requires a colon in the protocol separator. Strings that loosely parsed as protocols before may no longer match. (#10729)
- Deprecated unescape() replaced with modern UTF-8 encoding. Non-ASCII URL handling is now spec-correct; consumers depending on legacy unescape() quirks may see different output bytes. (#7378)
- transformRequest input typing change was reverted. The typing change introduced in #10745 was reverted in #10810 after follow-up review — net behavior is unchanged from 1.15.2. (#10745, #10810)
🚀 New Features
- QUERY HTTP Method: Added support for the QUERY HTTP method across adapters and type definitions. (#10802)
- ECONNREFUSED Error Constant: Exposed ECONNREFUSED as a constant on AxiosError so callers can match connection-refused failures without comparing string literals (closes #6485). (#10680)
- Encode Helper Export: Exported the internal encode helper from buildURL so userland param serializers can reuse the same encoding logic that axios uses internally. (#6897)
🐛 Bug Fixes
- HTTP Adapter — Redirects & Headers: Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing requestDetails argument on beforeRedirect, preserved user-supplied Host headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (#10794, #10800, #6241, #10822, #10825)
- HTTP Adapter — Streams & Timeouts: Preserved the partial response object on AxiosError when a stream is aborted after headers arrive, honoured the timeout option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and maxRedirects: 0. (#10708, #10819, #7149)
- Fetch Adapter: Enforced maxBodyLength / maxContentLength in the fetch adapter, set the User-Agent header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a TypeError in restricted environments. (#10795, #10772, #10806, #7260)
- XHR Adapter: Unsubscribed the cancelToken and AbortSignal listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (#10787)
- Error Handling: Attached the parsed response to AxiosError when JSON.parse fails inside dispatchRequest, prevented settle from emitting undefined error codes, and tightened the parseProtocol regex to require a colon in the protocol separator. (#10724, #7276, #10729)
- Types & Exports: Aligned the CommonJS CancelToken typings with the ESM build, fixed a compiler error caused by RawAxiosHeaders, and re-exported create from the package index. (#7414, #6389, #6460)
- UTF-8 Encoding: Replaced the deprecated unescape() call with a modern UTF-8 encoding implementation. (#7378)
- Misc Cleanup: Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (#10833)
🔧 Maintenance & Chores
- Refactor — ES6 Modernisation: Modernised the utils module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (#10588, #7419)
- Tests: Hardened the HTTP test server lifecycle to fix flaky FormData EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (#10820, #10791, #10796)
- Docs: Documented paramsSerializer.encode for strict RFC 3986 query encoding, updated the parseReviver TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (#10821, #10782, #10759, #10804)
- Reverted: Reverted the transformRequest input typing change from #10745 after follow-up review. (#10745, #10810)
- Dependencies: Bumped actions/setup-node, the github-actions group, and postcss (in /docs) to their latest versions. (#10785, #10813, #10814)
- Release: Updated changelog and packages, and prepared the 1.16.0 release. (#10790, #10834)
🌟 New Contributors
We are thrilled to welcome our new contributors. Thank you for helping improve axios:
v1.15.2 - April 21, 2026
This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.
🔒 Security Fixes
- Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)
- SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)
- Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)
🚀 New Features
- allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)
🐛 Bug Fixes
- Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)
🔧 Maintenance & Chores
- Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)
v1.15.1 - April 19, 2026
This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.
🔒 Security Fixes
- Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)
- CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)
- Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)
- withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)
- maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)
- Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)
- Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)
🚀 New Features
- AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)
- Location Request Header Type: Adds Location to CommonRequestHeadersList for accurate typing of redirect-aware requests. (#7528)
🐛 Bug Fixes
- FormData Handling: Removes Content-Type when no boundary is present on FormData fetch requests, supports multi-select fields, cancels request.body instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (#7314, #10676, #10702, #10726)
- HTTP Adapter: Handles socket-only request errors without leaking keep-alive listeners. (#10576)
- Progress Events: Clamps loaded to total for computable upload/download progress events. (#7458)
- Types: Aligns runWhen type with the runtime behaviour in InterceptorManager and makes response header keys case-insensitive. (#7529, #10677)
- buildFullPath: Uses strict equality in the base/relative URL check. (#7252)
- AxiosURLSearchParams Regex: Improves the regex used for param serialisation to avoid edge-case mismatches. (#10736)
- Resilient Value Parsing: Parses out header/config values instead of throwing on malformed input. (#10687)
- Docs Artefact Cleanup: Removes the docs content that was incorrectly committed. (#10727)
🔧 Maintenance & Chores
- Threat Model & Security Docs: Ongoing refinement of THREATMODEL.md, including Hopper security update, TLS and tag-replay wording, mitigation descriptions, decompression-bomb guidance, and further cleanup. (#10672, #10715, #10718, #10722, #10763, #10765)
- Test Coverage & Migration: Expanded shouldBypassProxy coverage for wildcard/IPv6/edge cases, documented and tested AxiosError.status, and migrated progressEventReducer tests to Vitest. (#10723, #10725, #10741)
- Type Refactor: Uses TypeScript utility types to deduplicate literal unions. (#7520)
- Repo & CI: Adds CODEOWNERS, switches v1.x releases to an ephemeral release branch, and removes orphaned Bower support. (#10739, #10738, #10746)
🌟 New Contributors
We are thrilled to welcome our new contributors. Thank you for helping improve axios:
v1.15.0 - April 7, 2026
This release delivers two critical security patches targeting header injection and SSRF via proxy bypass, adds official runtime support for Deno and Bun, and includes significant CI security hardening.
🔒 Security Fixes
- Header Injection (CRLF): Rejects any header value containing \r or \n characters to block CRLF injection chains that could be used to exfiltrate cloud metadata (IMDS). Behavior change: headers with CR/LF now throw "Invalid character in header content". (#10660)
- SSRF via no_proxy Bypass: Introduces a shouldBypassProxy helper that normalises hostnames (strips trailing dots, handles bracketed IPv6) before evaluating no_proxy/NO_PROXY rules, closing a gap that could cause loopback or internal hosts to be inadvertently proxied. (#10661)
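
The no_proxy entry above comes down to comparing hostnames in one canonical form. The following is an added example, not axios source: normaliseHost, matchesNoProxy, proxyDecisions and the sample no_proxy list are hypothetical, and the matching rules are a simplified assumption (exact match, leading-dot or `*.` suffix, bare `*`).

```javascript
// Added illustration, not the axios shouldBypassProxy implementation.
// All names and sample values below are constructed for this example.

// Reduce a hostname or no_proxy entry to one comparable form.
function normaliseHost(host) {
  let h = String(host).trim().toLowerCase();
  if (h.startsWith('[')) {
    // Bracketed IPv6 literal, e.g. "[::1]" or "[::1]:8080": keep the address only.
    const end = h.indexOf(']');
    if (end !== -1) h = h.slice(1, end);
  } else if ((h.match(/:/g) || []).length === 1) {
    // "host:port" form. A bare IPv6 address has more than one colon and is left alone.
    // Simplification: an entry with a port then matches every port on that host.
    h = h.slice(0, h.indexOf(':'));
  }
  // "localhost." and "localhost" name the same host; drop the trailing root dot.
  return h.replace(/\.+$/, '');
}

// True when `hostname` is covered by the comma/space separated `noProxy` list,
// meaning the request should go direct instead of through the proxy.
function matchesNoProxy(hostname, noProxy, normalise = normaliseHost) {
  const host = normalise(hostname);
  if (!host) return false;
  return String(noProxy || '')
    .split(/[\s,]+/)
    .filter(Boolean)
    .some((raw) => {
      const entry = normalise(raw);
      if (entry === '*') return true;                                  // bypass for everything
      if (entry.startsWith('*.')) return host.endsWith(entry.slice(1)); // "*.corp.example"
      if (entry.startsWith('.')) return host.endsWith(entry);          // ".corp.example"
      return host === entry;                                           // exact host
    });
}

// Compare a raw string comparison with the normalised one on constructed URLs.
function proxyDecisions() {
  const noProxy = 'localhost, 127.0.0.1, ::1, .internal.example';
  const raw = (h) => String(h); // the comparison before normalisation
  const urls = [
    'http://localhost./admin',           // trailing dot survives URL parsing
    'http://[::1]:8080/health',          // URL.hostname keeps the brackets
    'http://API.Internal.Example./v1',   // case plus trailing dot
    'http://example.org/',               // genuinely external
  ];
  return urls.map((u) => {
    const { hostname } = new URL(u);
    return {
      hostname,
      bypassRaw: matchesNoProxy(hostname, noProxy, raw),
      bypassNormalised: matchesNoProxy(hostname, noProxy),
    };
  });
}

console.log(proxyDecisions());
```

Rows where bypassRaw is false and bypassNormalised is true are the hosts that a raw comparison would have sent to the proxy despite being listed in no_proxy.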
🚀 New Features
- Deno & Bun Runtime Support: Added full smoke test suites for Deno and Bun, with CI workflows that run both runtimes before any release is cut. (#10652)
🐛 Bug Fixes
- Node.js v22 Compatibility: Replaced deprecated url.parse() calls with the WHATWG URL/URLSearchParams API across examples, sandbox, and tests, eliminating DEP0169 deprecation warnings on Node.js v22+. (#10625)
🔧 Maintenance & Chores
- CI Security Hardening: Added zizmor GitHub Actions security scanner; switched npm publish to OIDC Trusted Publishing (removing the long-lived NODE_AUTH_TOKEN); pinned all action references to full commit SHAs; narrowed workflow permissions to least privilege; gated the publish step behind a dedicated npm-publish environment; and blocked the sponsor-block workflow from running on forks. (#10618, #10619, #10627, #10637, #10641, #10666)
- Docs: Clarified HTTP/2 support and the unsupported httpVersion option; added documentation for header case preservation; improved the beforeRedirect example to prevent accidental credential leakage. (#10644, #10654, #10624)
- Dependencies: Bumped picomatch, handlebars, serialize-javascript, vite (×3), denoland/setup-deno, and 4 additional dev dependencies to latest versions. (#10564, #10565, #10567, #10568, #10572, #10574, #10663, #10664, #10665, #10669, #10670)
🌟 New Contributors
We are thrilled to welcome our new contributors. Thank you for helping improve axios:
v1.14.0 - March 27, 2026
This release fixes a security vulnerability in the formidable dependency, resolves a CommonJS compatibility regression, hardens proxy and HTTP/2 handling, and modernises the build and test toolchain.
🔒 Security Fixes
- Formidable Vulnerability: Upgraded formidable from v2 to v3 to address a reported arbitrary-file vulnerability. Updated test server and assertions to align with the v3 API. (#7533)
🐛 Bug Fixes
- CommonJS Compatibility: Restored require('axios') in Node.js by correcting the main field in package.json to point to the built CJS bundle. (#7532)
- Fetch Adapter: Cancel the ReadableStream body after the request stream capability probe to prevent resource leaks. (#7515)
- Proxy: Upgraded proxy-from-env to v2 and switched to the named getProxyForUrl export, fixing proxy detection from environment variables and resolving CJS bundling errors. (#7499)
- HTTP/2: Close detached HTTP/2 sessions on timeout to free resources when no new requests arrive. (#7457)
- Headers: Trim trailing CRLF characters from normalised header values. (#7456)
🔧 Maintenance & Chores
- Toolchain Modernisation: Migrated test suite to Vitest, updated ESLint to v10, upgraded Rollup and @rollup/plugin-babel, migrated to Husky 9, upgraded TypeScript to latest, and modernised the Express test harness. (#7484, #7489, #7498, #7505, #7506, #7507, #7508, #7509, #7510, #7516, #7522)
- Dependencies: Bumped multer to v2, minimatch, tar, pacote, @babel/preset-env, and additional dev dependencies. (#7453, #7480, #7491, #7504, #7517, #7531)
🌟 New Contributors
We are thrilled to welcome our new contributors. Thank you for helping improve axios:
v1.13.6 - February 27, 2026
This release adds React Native Blob support, fixes several enumeration and export regressions, and patches FormData detection for WeChat Mini Program environments.
🚀 New Features
- React Native Blob Support: Axios now correctly handles native Blob objects in React Native environments. (#5764)
🐛 Bug Fixes
- AxiosError: Fixed AxiosError.from not copying the status field from the source error. (#7403)
- AxiosError: Made the message property enumerable so it appears in JSON.stringify output and Object.keys. (#7392)
- FormData Detection: Corrected safe FormData detection for WeChat Mini Program environments. (#7324)
- React Native / Browserify Export: Fixed broken module export that caused import failures in React Native and Browserify. (#7386)
🔧 Maintenance & Chores
- Dependencies: Migrated @rollup/plugin-babel from v5 to v6 and bumped the development dependencies group. (#7424, #7432)
🌟 New Contributors
We are thrilled to welcome our new contributors. Thank you for helping improve axios:
v1.13.5 - February 8, 2026
This release patches a prototype pollution denial-of-service vulnerability, fixes a missing status field regression in AxiosError, adds interceptor ordering control, and introduces URL validation for isAbsoluteURL.
🔒 Security Fixes
- Prototype Pollution (DoS): Hardened mergeConfig to ignore __proto__, constructor, and prototype keys, preventing denial-of-service via prototype pollution when merging user-supplied config. (#7369)
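
The prototype-pollution entries in this changelog (key filtering in mergeConfig here, the switch from in checks to hasOwnProperty in v1.15.1, and own-property reads with null-prototype config objects in v1.15.2 and later) describe three complementary guards. The following is an added example showing them side by side; it is not axios source, and naiveMerge, safeMerge, readOwn and the sample payload are hypothetical names and constructed values.

```javascript
// Added illustration, not axios code. The payload and URLs are constructed.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// The "before": a recursive merge that follows every key, including "__proto__".
// target['__proto__'] resolves to Object.prototype, so nested values land there.
function naiveMerge(target, src) {
  for (const key in src) {
    const val = src[key];
    if (isPlainObject(val)) {
      if (!isPlainObject(target[key])) target[key] = {};
      naiveMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Guard 1: skip the dangerous keys and walk own enumerable keys only.
// Guard 2: build the result on a null-prototype object so nothing is inherited.
function safeMerge(...sources) {
  const out = Object.create(null);
  for (const src of sources) {
    if (!isPlainObject(src)) continue;
    for (const key of Object.keys(src)) {
      if (UNSAFE_KEYS.has(key)) continue;
      const val = src[key];
      if (isPlainObject(val)) {
        const prev = isPlainObject(out[key]) ? out[key] : undefined;
        out[key] = safeMerge(prev, val);
      } else {
        out[key] = val;
      }
    }
  }
  return out;
}

// Guard 3: read a setting only when it is the object's own property.
function readOwn(obj, key) {
  return Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined;
}

// Runs the three reads against a polluted prototype, then restores it.
function demo() {
  // JSON.parse creates "__proto__" as an ordinary own key, so merges will see it.
  const payload = JSON.parse('{"__proto__": {"baseURL": "http://constructed.invalid"}}');
  const result = {};
  try {
    naiveMerge({}, payload); // pollutes Object.prototype.baseURL
    const config = { url: '/status' }; // caller never set baseURL
    result.inCheck = 'baseURL' in config;        // inherited key is visible to `in`
    result.plainRead = config.baseURL;           // inherited value is returned
    result.ownRead = readOwn(config, 'baseURL'); // own-property read ignores it
    result.nullProtoRead = safeMerge(config).baseURL; // null-prototype copy ignores it
  } finally {
    delete Object.prototype.baseURL; // undo the pollution for the rest of the process
  }
  const merged = safeMerge({ headers: { a: '1' } }, payload, { headers: { b: '2' } });
  result.mergedKeys = Object.keys(merged);
  result.mergedHeaders = Object.keys(merged.headers).join(',');
  result.prototypeCleanAfterSafeMerge = !('baseURL' in {});
  return result;
}

console.log(demo());
```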
🚀 New Features
- isAbsoluteURL Validation: Added input validation to isAbsoluteURL to handle malformed or unexpected input gracefully. (#7326)
🐛 Bug Fixes
- AxiosError status: Restored the status field on AxiosError instances, which was missing in v1.13.3 and later. (#7368)
- Interceptor Ordering: Added a useLegacyInterceptorOrder option to restore pre-v1.13 interceptor execution order for applications relying on the previous behaviour. (569f028)
🔧 Maintenance & Chores
- CI: Fixed run conditions and updated workflow YAMLs. (#7372, #7373)
- Dependencies: Bumped karma-sourcemap-loader and minor package versions. (#7356, #7360)
🌟 New Contributors
We are thrilled to welcome our new contributors. Thank you for helping improve axios:
v1.13.4 - January 27, 2026
Patch release fixing regressions introduced in v1.13.3, including TypeScript export compatibility and CI/build stability.
🐛 Bug Fixes
- v1.13.3 Regressions: Fixed multiple issues introduced by the v1.13.3 release, including broken merge configs. (#7352)
- TypeScript Exports: Corrected TypeScript export declarations to restore proper type resolution. (#4884)
🔧 Maintenance & Chores
- CI & Build: Refactored CI pipeline and build configuration for stability. (#7340)
1.13.3 (2026-01-20)
Bug Fixes
- http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
- interceptor: handle the error in the same interceptor (#6269) (5945e40)
- main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
- package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
- silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
- turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
- types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
- types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
- unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)
Features
Reverts
- Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
- deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)
Contributors to this release
Ashvin Tiwari
Nikunj Mochi
Anchal Singh
jasonsaayman
Julian Dax
Akash Dhar Dubey
Madhumita
Tackoil
Justin Dhillon
Rudransh
WuMingDao
codenomnom
Nandan Acharya
Eric Dubé
Tibor Pilz
Gabriel Quaresma
Turadg Aleahmad
JohnTitor
rohit miryala
Wilson Mun
techcodie
Ved Vadnere
svihpinc
SANDESH LENDVE
Lubos
Jarred Sumner
Adam Hines
Subhan Kumar Rai
Joseph Frazier
KT0803
Albie
Jake Hayes
1.13.2 (2025-11-04)
Bug Fixes
- http: fix 'socket hang up' bug for keep-alive requests when using timeouts; (#7206) (8d37233)
- http: use default export for http2 module to support stubs; (#7196) (0588880)
Performance Improvements
Contributors to this release
Dmitriy Mozgovoy
Kasper Isager Dalsgarð
1.13.1 (2025-10-28)
Bug Fixes
- http: fixed a regression that caused the data stream to be interrupted for responses with non-OK HTTP statuses; (#7193) (bcd5581)
Contributors to this release
Anchal Singh
Dmitriy Mozgovoy
1.13.0 (2025-10-27)
Bug Fixes
Features
Contributors to this release
Dmitriy Mozgovoy
Noritaka Kobayashi
Aviraj2929
prasoon patel
Samyak Dandge
Anchal Singh
Rahul Kumar
Amit Verma
Abhishek3880
Dhvani Maktuporia
Usama Ayoub
ikuy1203
Nikhil Simon Toppo
Jane Wangari
Supakorn Ieamgomol
Kian-Meng Ang
UTSUMI Keiji
1.12.2 (2025-09-14)
Bug Fixes
- fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#7030) (cf78825)
Contributors to this release
Dmitriy Mozgovoy
Noritaka Kobayashi
1.12.1 (2025-09-12)
Bug Fixes
Contributors to this release
Dmitriy Mozgovoy
1.12.0 (2025-09-11)
Bug Fixes
Features
- adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)
- fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)
- support reviver on JSON.parse (#5926) (2a97634), closes #5924
- types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)
Contributors to this release
Willian Agostini
Dmitriy Mozgovoy
khani
Ameer Assadi
Emiedonmokumo Dick-Boro
Zeroday BYTE
Jason Saayman
최예찬
Gligor Kotushevski
Aleksandar Dimitrov
1.11.0 (2025-07-22)
Bug Fixes
- form-data npm package (#6970) (e72c193)
- prevent RangeError when using large Buffers (#6961) (a2214ca)
- types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)
Contributors to this release
izzy goldman
Manish Sahani
Noritaka Kobayashi
James Nail
Tejaswi1305
1.10.0 (2025-06-14)
Bug Fixes
- adapter: pass fetchOptions to fetch function (#6883) (0f50af8)
- form-data: convert boolean values to strings in FormData serialization (#6917) (5064b10)
- package: add module entry point for React Native; (#6933) (3d343b8)
Features
Contributors to this release
Dmitriy Mozgovoy
Noritaka Kobayashi
Dimitrios Lazanas
Adrian Knapp
Howie Zhao
Uhyeon Park
Sampo Silvennoinen
1.9.0 (2025-04-24)
Bug Fixes
- core: fix the Axios constructor implementation to treat the config argument as optional; (#6881) (6c5d4cd)
- fetch: fixed ERR_NETWORK mapping for Safari browsers; (#6767) (dfe8411)
- headers: allow iterable objects to be a data source for the set method; (#6873) (1b1f9cc)
- headers: fix getSetCookie by using 'get' method for caseless access; (#6874) (d4f7df4)
- headers: fixed support for setting multiple header values from an iterated source; (#6885) (f7a3b5e)
- http: send minimal end multipart boundary (#6661) (987d2e2)
- types: fix autocomplete for adapter config (#6855) (e61a893)
Features
- AxiosHeaders: add getSetCookie method to retrieve set-cookie headers values (#5707) (80ea756)
Contributors to this release
Dmitriy Mozgovoy
Jay
Willian Agostini
George Cheng
FatahChan
Ionuț G. Stan
1.8.4 (2025-03-19)
Bug Fixes
- buildFullPath: handle allowAbsoluteUrls: false without baseURL (#6833) (f10c2e0)
Contributors to this release
Marc Hassan
1.8.3 (2025-03-10)
Bug Fixes
- add missing type for allowAbsoluteUrls (#6818) (10fa70e)
- xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#6814) (ec159e5)
Contributors to this release
Ashcon Partovi
StefanBRas
Marc Hassan
1.8.2 (2025-03-07)
Bug Fixes
- http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)
Contributors to this release
Fasoro-Joseph Alexander
1.8.1 (2025-02-26)
Bug Fixes
- utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)
Contributors to this release
Dmitriy Mozgovoy
1.8.0 (2025-02-25)
Bug Fixes
- examples: application crashed when navigating examples in browser (#5938) (1260ded)
- missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)
- utils: replace getRandomValues with crypto module (#6788) (23a25af)
Features
Reverts
BREAKING CHANGES
code relying on the above will now combine the URLs instead of prefer request URL
feat: add config option for allowing absolute URLs
fix: add default value for allowAbsoluteUrls in buildFullPath
fix: typo in flow control when setting allowAbsoluteUrls
Contributors to this release
Michael Toscano
Willian Agostini
Naron
shravan || श्रvan
Justin Dhillon
yionr
Shin'ya Ueoka
Dan Dascalescu
Nitin Ramnani
Shay Molcho
Jay
fancy45daddy
Habip Akyol
Bailey Lissington
Bernardo da Eira Duarte
Shivam Batham
Lipin Kariappa
1.7.9 (2024-12-04)
Reverts
Contributors to this release
Jay
1.7.8 (2024-11-25)
Bug Fixes
- allow passing a callback as paramsSerializer to buildURL (#6680) (eac4619)
- core: fixed config merging bug (#6668) (5d99fe4)
- fixed width form to not shrink after 'Send Request' button is clicked (#6644) (7ccd5fd)
- http: add support for File objects as payload in http adapter (#6588) (#6605) (6841d8d)
- http: fixed proxy-from-env module import (#5222) (12b3295)
- http: use globalThis.TextEncoder when available (#6634) (df956d1)
- ios11 breaks when build (#6608) (7638952)
- types: add missing types for mergeConfig function (#6590) (00de614)
- types: export CJS types from ESM (#6218) (c71811b)
- updated stream aborted error message to be more clear (#6615) (cc3217a)
- use URL API instead of DOM to fix a potential vulnerability warning; (#6714) (0a8d6e1)
Contributors to this release
Remco Haszing
Jay
Aayush Yadav
Dmitriy Mozgovoy
Ell Bradshaw
Amit Saini
Tommaso Paulon
Akki
Sampo Silvennoinen
Kasper Isager Dalsgarð
Christian Clauss
Pavan Welihinda
Taylor Flatt
Kenzo Wada
Ngole Lawson
Haven
Shrivali Dutt
Henco Appel
1.7.7 (2024-08-31)
Bug Fixes
- fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
- http: fixed support for IPv6 literal strings in url (#5731) (364993f)
Contributors to this release
Rishi556
Dmitriy Mozgovoy
1.7.6 (2024-08-30)
Bug Fixes
- fetch: fix content length calculation for FormData payload; (#6524) (085f568)
- fetch: optimize signals composing logic; (#6582) (df9889b)
Contributors to this release
Dmitriy Mozgovoy
Jacques Germishuys
kuroino721
1.7.5 (2024-08-23)
Bug Fixes
- adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
- core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
- core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
- fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)
Contributors to this release
- Dmitriy Mozgovoy
- Antonin Bas
- Hans Otto Wirtz
1.7.4 (2024-08-13)
Bug Fixes
Contributors to this release
- Lev Pachmanov
- Đỗ Trọng Hải
1.7.3 (2024-08-01)
Bug Fixes
- adapter: fix progress event emitting; (#6518) (e3c76fc)
- fetch: fix withCredentials request config (#6505) (85d4d0e)
- xhr: return original config on errors from XHR adapter (#6515) (8966ee7)
Contributors to this release
- Dmitriy Mozgovoy
- Valerii Sidorenko
- prianYu
1.7.2 (2024-05-21)
Bug Fixes
Contributors to this release
- Dmitriy Mozgovoy
1.7.1 (2024-05-20)
Bug Fixes
- fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)
Contributors to this release
- Dmitriy Mozgovoy
1.7.0 (2024-05-19)
Features
Bug Fixes
- core/axios: handle un-writable error stack (#6362) (81e0455)
Contributors to this release
- Dmitriy Mozgovoy
- Jay
- Alexandre ABRIOUX
Bug Fixes
- fetch: capitalize HTTP method names; (#6395) (ad3174a)
- fetch: fix & optimize progress capturing for cases when the request data has a nullish value or zero data length (#6400) (95a3e8e)
- fetch: fix headers getting from a stream response; (#6401) (870e0a7)
Contributors to this release
- Dmitriy Mozgovoy
Bug Fixes
- core/axios: handle un-writable error stack (#6362) (81e0455)
- fetch: fix cases when ReadableStream or Response.body are not available; (#6377) (d1d359d)
- fetch: treat fetch-related TypeError as an AxiosError.ERR_NETWORK error; (#6380) (bb5f9a5)
Contributors to this release
- Alexandre ABRIOUX
- Dmitriy Mozgovoy
Features
Contributors to this release
- Dmitriy Mozgovoy
- Jay
1.6.8 (2024-03-15)
Bug Fixes
- AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)
- import: use named export for EventEmitter; (7320430)
- vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)
Contributors to this release
- Jay
- Dmitriy Mozgovoy
- Mitchell
- Emmanuel
- Lucas Keller
- Aditya Mogili
- Miroslav Petrov
1.6.7 (2024-01-25)
Bug Fixes
- capture async stack only for rejections with native error objects; (#6203) (1a08f90)
Contributors to this release
- Dmitriy Mozgovoy
- zhoulixiang
1.6.6 (2024-01-24)
Bug Fixes
- fixed missed dispatchBeforeRedirect argument (#5778) (a1938ff)
- wrap errors to improve async stack trace (#5987) (123f354)
Contributors to this release
- Ilya Priven
- Zao Soula
1.6.5 (2024-01-05)
Bug Fixes
- ci: refactor notify action as a job of publish action; (#6176) (0736f95)
- dns: fixed lookup error handling; (#6175) (f4f2b03)
Contributors to this release
- Dmitriy Mozgovoy
- Jay
1.6.4 (2024-01-03)
Bug Fixes
- security: fixed formToJSON prototype pollution vulnerability; (#6167) (3c0c11c)
- security: fixed security vulnerability in follow-redirects (#6163) (75af1cd)
Contributors to this release
- Jay
- Dmitriy Mozgovoy
- Guy Nesher
1.6.3 (2023-12-26)
Bug Fixes
- Regular Expression Denial of Service (ReDoS) (#6132) (5e7ad38)
Contributors to this release
- Jay
- Willian Agostini
- Dmitriy Mozgovoy
1.6.2 (2023-11-14)
Features
- withXSRFToken: added withXSRFToken option as a workaround to achieve the old withCredentials behavior; (#6046) (cff9967)
PRs
- feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #6046 )
📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour.
You should now use withXSRFToken along with withCredentials to get the old behavior.
This functionality is considered as a fix.
Contributors to this release
- Dmitriy Mozgovoy
- Ng Choon Khon (CK)
- Muhammad Noman
1.6.1 (2023-11-08)
Bug Fixes
- formdata: fixed content-type header normalization for non-standard browser environments; (#6056) (dd465ab)
- platform: fixed emulated browser detection in node.js environment; (#6055) (3dc8369)
Contributors to this release
- Dmitriy Mozgovoy
- Fabian Meyer
1.6.0 (2023-10-26)
Bug Fixes
- CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
- dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
- types: fix AxiosHeaders types; (#5931) (a1c8ad0)
PRs
⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
Contributors to this release
- Dmitriy Mozgovoy
- Valentin Panov
- Rinku Chaudhari
1.5.1 (2023-09-26)
Bug Fixes
- adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
- formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
- headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
- types: removed duplicated code (9e62056)
Contributors to this release
- Dmitriy Mozgovoy
- David Dallas
- Sean Sattler
- Mustafa Ateş Uzun
- Przemyslaw Motacki
- Michael Di Prisco
1.5.0 (2023-08-26)
Bug Fixes
- adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
- dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
- headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
- headers: fixed common Content-Type header merging; (#5832) (8fda276)
Features
Contributors to this release
- Dmitriy Mozgovoy
- 夜葬
- Jonathan Budiman
- Michael Di Prisco
1.4.0 (2023-04-27)
Bug Fixes
- formdata: add multipart/form-data content type for FormData payload on custom client environments; (#5678) (bbb61e7)
- package: export package internals with unsafe path prefix; (#5677) (df38c94)
Features
- dns: added support for a custom lookup function; (#5339) (2701911)
- types: export AxiosHeaderValue type. (#5525) (726f1c8)
Performance Improvements
- merge-config: optimize mergeConfig performance by avoiding duplicate key visits; (#5679) (e6f7053)
Contributors to this release
- Dmitriy Mozgovoy
- Arthur Fiorette
- PIYUSH NEGI
1.3.6 (2023-04-19)
Bug Fixes
- types: added transport to RawAxiosRequestConfig (#5445) (6f360a2)
- utils: make isFormData detection logic stricter to avoid unnecessary calling of the toString method on the target; (#5661) (aa372f7)
Contributors to this release
- Dmitriy Mozgovoy
- Michael Di Prisco
1.3.5 (2023-04-05)
Bug Fixes
- headers: fixed isValidHeaderName to support full list of allowed characters; (#5584) (e7decef)
- params: re-added the ability to set the function as paramsSerializer config; (#5633) (a56c866)
Contributors to this release
- Dmitriy Mozgovoy
1.3.4 (2023-02-22)
Bug Fixes
- blob: added a check to make sure the Blob class is available in the browser's global scope; (#5548) (3772c8f)
- http: fixed regression bug when handling synchronous errors inside the adapter; (#5564) (a3b246c)
Contributors to this release
- Dmitriy Mozgovoy
- lcysgsg
- Michael Di Prisco
1.3.3 (2023-02-13)
Bug Fixes
- formdata: added a check to make sure the FormData class is available in the browser's global scope; (#5545) (a6dfa72)
- formdata: fixed setting NaN as Content-Length for form payload in some cases; (#5535) (c19f7bf)
- headers: fixed the filtering logic of the clear method; (#5542) (ea87ebf)
Contributors to this release
- Dmitriy Mozgovoy
- 陈若枫
1.3.2 (2023-02-03)
Bug Fixes
- http: treat http://localhost as base URL for relative paths to avoid ERR_INVALID_URL error; (#5528) (128d56f)
- http: use explicit import instead of TextEncoder global; (#5530) (6b3c305)
Contributors to this release
- Dmitriy Mozgovoy
1.3.1 (2023-02-01)
Bug Fixes
- formdata: add hotfix to use the asynchronous API to compute the content-length header value; (#5521) (96d336f)
- serializer: fixed serialization of array-like objects; (#5518) (08104c0)
Contributors to this release
- Dmitriy Mozgovoy
1.3.0 (2023-01-31)
Bug Fixes
Features
- formdata: added support for spec-compliant FormData & Blob types; (#5316) (6ac574e)
Contributors to this release
- Dmitriy Mozgovoy
- ItsNotGoodName
1.2.6 (2023-01-28)
Bug Fixes
- headers: added missed Authorization accessor; (#5502) (342c0ba)
- types: fixed CommonRequestHeadersList & CommonResponseHeadersList types to be private in commonJS; (#5503) (5a3d0a3)
Contributors to this release
- Dmitriy Mozgovoy
1.2.5 (2023-01-26)
Bug Fixes
- types: fixed AxiosHeaders to handle spread syntax by making all methods non-enumerable; (#5499) (580f1e8)
Contributors to this release
- Dmitriy Mozgovoy
- Elliot Ford
1.2.4 (2023-01-22)
Bug Fixes
- types: renamed RawAxiosRequestConfig back to AxiosRequestConfig; (#5486) (2a71f49)
- types: fix AxiosRequestConfig generic; (#5478) (9bce81b)
Contributors to this release
- Dmitriy Mozgovoy
- Daniel Hillmann
1.2.3 (2023-01-10)
Bug Fixes
- types: fixed AxiosRequestConfig header interface by refactoring it to RawAxiosRequestConfig; (#5420) (0811963)
Contributors to this release
- Dmitriy Mozgovoy
[1.2.2] - 2022-12-29
Fixed
- fix(ci): fix release script inputs #5392
- fix(ci): prerelease scripts #5377
- fix(ci): release scripts #5376
- fix(ci): typescript tests #5375
- fix: Brotli decompression #5353
- fix: add missing HttpStatusCode #5345
Chores
- chore(ci): set conventional-changelog header config #5406
- chore(ci): fix automatic contributors resolving #5403
- chore(ci): improved logging for the contributors list generator #5398
- chore(ci): fix release action #5397
- chore(ci): fix version bump script by adding bump argument for target version #5393
- chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2 #5342
- chore(ci): GitHub Actions Release script #5384
- chore(ci): release scripts #5364
Contributors to this release
[1.2.1] - 2022-12-05
Changed
- feat(exports): export mergeConfig #5151
Fixed
- fix(CancelledError): include config #4922
- fix(general): removing multiple/trailing/leading whitespace #5022
- fix(headers): decompression for responses without Content-Length header #5306
- fix(webWorker): exception to sending form data in web worker #5139
Refactors
- refactor(types): AxiosProgressEvent.event type to any #5308
- refactor(types): add missing types for static AxiosError.from method #4956
Chores
- chore(docs): remove README link to non-existent upgrade guide #5307
- chore(docs): typo in issue template name #5159
Contributors to this release
[1.2.0] - 2022-11-10
Changed
- changed: refactored module exports #5162
- change: re-added support for loading Axios with require('axios').default #5225
Fixed
- fix: improve AxiosHeaders class #5224
- fix: TypeScript type definitions for commonjs #5196
- fix: type definition of use method on AxiosInterceptorManager to match the README #5071
- fix: __dirname is not defined in the sandbox #5269
- fix: AxiosError.toJSON method to avoid circular references #5247
- fix: Z_BUF_ERROR when content-encoding is set but the response body is empty #5250
Refactors
- refactor: allowing adapters to be loaded by name #5277
Chores
- chore: force CI restart #5243
- chore: update ECOSYSTEM.md #5077
- chore: update get/index.html #5116
- chore: update Sandbox UI/UX #5205
- chore:(actions): remove git credentials after checkout #5235
- chore(actions): bump actions/dependency-review-action from 2 to 3 #5266
- chore(packages): bump loader-utils from 1.4.1 to 1.4.2 #5295
- chore(packages): bump engine.io from 6.2.0 to 6.2.1 #5294
- chore(packages): bump socket.io-parser from 4.0.4 to 4.0.5 #5241
- chore(packages): bump loader-utils from 1.4.0 to 1.4.1 #5245
- chore(docs): update Resources links in README #5119
- chore(docs): update the link for JSON url #5265
- chore(docs): fix broken links #5218
- chore(docs): update and rename UPGRADE_GUIDE.md to MIGRATION_GUIDE.md #5170
- chore(docs): typo fix line #856 and #920 #5194
- chore(docs): typo fix #800 #5193
- chore(docs): fix typos #5184
- chore(docs): fix punctuation in README.md #5197
- chore(docs): update readme in the Handling Errors section - issue reference #5260 #5261
- chore: remove \b from filename #5207
- chore(docs): update CHANGELOG.md #5137
- chore: add sideEffects false to package.json #5025
Contributors to this release
[1.1.3] - 2022-10-15
Added
- Added custom params serializer support #5113
Fixed
- Fixed top-level export to keep them in-line with static properties #5109
- Stopped including null values to query string. #5108
- Restored proxy config backwards compatibility with 0.x #5097
- Added back AxiosHeaders in AxiosHeaderValue #5103
- Pin CDN install instructions to a specific version #5060
- Handling of array values fixed for AxiosHeaders #5085
Chores
- docs: match badge style, add link to them #5046
- chore: fixing comments typo #5054
- chore: update issue template #5061
- chore: added progress capturing section to the docs; #5084
Contributors to this release
[1.1.2] - 2022-10-07
Fixed
- Fixed broken exports for UMD builds.
Contributors to this release
[1.1.1] - 2022-10-07
Fixed
- Fixed broken exports for common js. This fix breaks a prior fix, I will fix both issues ASAP but the commonJS use is more impactful.
Contributors to this release
[1.1.0] - 2022-10-06
Fixed
- Fixed missing exports in type definition index.d.ts #5003
- Fixed query params composing #5018
- Fixed GenericAbortSignal interface by making it more generic #5021
- Fixed adding "clear" to AxiosInterceptorManager #5010
- Fixed commonjs & umd exports #5030
- Fixed inability to access response headers when using axios 1.x with Jest #5036
Contributors to this release
[1.0.0] - 2022-10-04
Added
- Added stack trace to AxiosError #4624
- Add AxiosError to AxiosStatic #4654
- Replaced Rollup as our build runner #4596
- Added generic TS types for the exposed toFormData helper #4668
- Added listen callback function #4096
- Added instructions for installing using PNPM #4207
- Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill #4229
- Added axios-url-template in ECOSYSTEM.md #4238
- Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an axios instance #4248
- Added react hook plugin #4319
- Adding HTTP status code for transformResponse #4580
- Added blob to the list of protocols supported by the browser #4678
- Resolving proxy from env on redirect #4436
- Added enhanced toFormData implementation with additional options #4704
- Adding Canceler parameters config and request #4711
- Added automatic payload serialization to application/x-www-form-urlencoded #4714
- Added the ability for webpack users to overwrite built-ins #4715
- Added string[] to AxiosRequestHeaders type #4322
- Added the ability for the url-encoded-form serializer to respect the formSerializer config #4721
- Added isCancel type assert #4293
- Added data URL support for node.js #4725
- Adding types for progress event callbacks #4675
- URL params serializer #4734
- Added axios.formToJSON method #4735
- Bower platform add data protocol #4804
- Use WHATWG URL API instead of url.parse() #4852
- Add ENUM containing Http Status Codes to typings #4903
- Improve typing of timeout in index.d.ts #4934
Changed
- Updated AxiosError.config to be optional in the type definition #4665
- Updated README emphasizing the URLSearchParam built-in interface over other solutions #4590
- Include request and config when creating a CanceledError instance #4659
- Changed func-names eslint rule to as-needed #4492
- Replacing deprecated substr() with slice() as substr() is deprecated #4468
- Updating HTTP links in README.md to use HTTPS #4387
- Updated to a better trim() polyfill #4072
- Updated types to allow specifying partial default headers on instance create #4185
- Expanded isAxiosError types #4344
- Updated type definition for axios instance methods #4224
- Updated eslint config #4722
- Updated Docs #4742
- Refactored Axios to use ES2017 #4787
Deprecated
- There are multiple deprecations, refactors and fixes provided in this release. Please read through the full release notes to see how this may impact your project and use case.
Removed
- Removed incorrect argument for NetworkError constructor #4656
- Removed Webpack #4596
- Removed function that transform arguments to array #4544
Fixed
- Fixed grammar in README #4649
- Fixed code error in README #4599
- Optimized the code that checks cancellation #4587
- Fix url pointing to defaults.js in README #4532
- Use type alias instead of interface for AxiosPromise #4505
- Fix some word spelling and lint style in code comments #4500
- Edited readme with 3 updated browser icons of Chrome, FireFox and Safari #4414
- Bump follow-redirects from 1.14.9 to 1.15.0 #4673
- Fixing http tests to avoid hanging when assertions fail #4435
- Fix TS definition for AxiosRequestTransformer #4201
- Fix grammatical issues in README #4232
- Fixing instance.defaults.headers type #4557
- Fixed race condition on immediate requests cancellation #4261
- Fixing Z_BUF_ERROR when no content #4701
- Fixing proxy beforeRedirect regression #4708
- Fixed AxiosError status code type #4717
- Fixed AxiosError stack capturing #4718
- Fixing AxiosRequestHeaders typings #4334
- Fixed max body length defaults #4731
- Fixed toFormData Blob issue on node>v17 #4728
- Bump grunt from 1.5.2 to 1.5.3 #4743
- Fixing content-type header repeated #4745
- Fixed timeout error message for http #4738
- Request ignores false, 0 and empty string as body values #4785
- Added back missing minified builds #4805
- Fixed a type error #4815
- Fixed a regression bug with unsubscribing from cancel token; #4819
- Remove repeated compression algorithm #4820
- The error of calling extend to pass parameters #4857
- SerializerOptions.indexes allows boolean | null | undefined #4862
- Require interceptors to return values #4874
- Removed unused imports #4949
- Allow null indexes on formSerializer and paramsSerializer #4960
Chores
- Set permissions for GitHub actions #4765
- Included githubactions in the dependabot config #4770
- Included dependency review #4771
- Update security.md #4784
- Remove unnecessary spaces #4854
- Simplify the import path of AxiosError #4875
- Fix Gitpod dead link #4941
- Enable syntax highlighting for a code block #4970
- Using Logo Axios in Readme.md #4993
- Fix markup for note in README #4825
- Fix typo and formatting, add colons #4853
- Fix typo in readme #4942
Security
Contributors to this release